REMnux is a malware analysis and reverse engineering toolkit for Linux, that helps to provide lightweight Linux distribution for Malware analysis; not only this REMnux is also accessible as a virtual appliance OVA file. REMnux implements a curated compilation of free tools designed by the community, and all these tools are used by the analyst to investigate the malware outwardly, installing, and configure tools.
Not only this, but it can be used to prevent unusual network traffic in a private lab while conducting behavioral malware summary. Moreover, the REMnux 7.0 is available for download on the distribution website as a virtual machine in OVA format that you can import into VirtualBox, VMware Workstation, VMware vSphere, and VMware Fusion.
Since it’s available in OVA format, it means extracting the content is not required, all you have to do is to store the OVA file into your virtualization software to perform the import.
Incase if your try to extract the OVA file’s contents and then try importing the enclosed OVF file in VirtualBox, you will definitely get an error, “could not verify the content of REMnux.mf against the available files, unsupported digest type.”
Also Learn: Certified Malware Analyst -Exploit Development, Expert Malware Analysis, Threat Research & Reverse Engineering
New REMnux 7.0 released
To celebrate its 10 years of existence, the developers of REMnux launched the new version REMNux 7.0. The founder, Lenny Zeltser, and lead developer of REMnux affirmed that this new version had been re-architected from scratch. REMNux 7.0 is based on Ubuntu 18.04 “Bionic Beaver,” which contains the GNOME UI.
In this new interface, they have added many new up-to-date tools (https://docs.remnux.org/), and here they are:-
- Dynamically reverse engineer malicious code.
- Check for suspicious executable files, documents, and other artifacts.
- Analyze malicious files.
- Run memory forensics on the infected host.
- Examine network and system interactions for behavioral analysis.
- Static code analysis.
- Check static properties.
- Collect and analyze data.
Apart from this, they have also added another exciting feature, the SaltStack application, through which users can automate the installation and system software updates.
The new version also updated with @yararules to REMnux v7, along with the command “yara-rules”, which is a wrapper around “yara” to scan your file using the Yara Rules set.
Download and Installation
If you want to download and use it, then you can add REMnux distro as a layer on top of an existing Ubuntu 18.04 LTS, or else you can install it from scratch. To start using REMNux 7.0 and its tools, you can do the following things:-
- You can download the virtual appliance of the REMnux .
- From scratch, you can install the REMnux on a dedicated system.
- You can also use it as a layer on top of an existing machine running Ubuntu 18.04 LTS.
- You can also run the REMnux as a Docker container.
If you want more information regarding installation, then click here to know in detail.